Setting up Nextcloud with Caddy

Caddy Reverse Proxy Issue with Nextcloud All-in-One

1. The Problem I’m Having

I am trying to set up Caddy as a reverse proxy for Nextcloud All-in-One (AIO). However, I am encountering a “connection refused” error.

  • I can access the Nextcloud AIO container directly via my server’s IP and port, from which I was able to download the other Nextcloud containers.
  • Other services are successfully proxied through Caddy without issues.
  • The problem seems to be specific to proxying the Nextcloud AIO container.

2. Error Messages and Full Log Output

Here is the error log from Caddy:

{"level":"debug","ts":1740318299.1760828,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"146.70.99.219","remote_port":"37363","subjects":["ncaio.datanotch.website"],"managed":true,"expiration":1747857216,"hash":"598237a32531d1c14f19a557e0dc70969d06d58d1e1f3851d4343257080e8941"}
{"level":"debug","ts":1740318299.4637141,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"nextcloud-aio-mastercontainer:11000","total_upstreams":1}
{"level":"debug","ts":1740318299.466965,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"nextcloud-aio-mastercontainer:11000","duration":0.002803152,"request":{"remote_ip":"146.70.99.219","remote_port":"37363","client_ip":"146.70.99.219","proto":"HTTP/2.0","method":"GET","host":"ncaio.datanotch.website","uri":"/","headers":{"Cache-Control":["max-age=0"],"Sec-Fetch-Site":["cross-site"],"Sec-Ch-Ua":["\"Not(A:Brand\";v=\"99\", \"Brave\";v=\"133\", \"Chromium\";v=\"133\""],"X-Forwarded-Host":["ncaio.datanotch.website"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"X-Forwarded-For":["146.70.99.219"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Priority":["u=0, i"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"ncaio.datanotch.website"}},"error":"dial tcp 172.21.0.3:11000: connect: connection refused"}
{"level":"error","ts":1740318299.467332,"logger":"http.log.error","msg":"dial tcp 172.21.0.3:11000: connect: connection refused","request":{"remote_ip":"146.70.99.219","remote_port":"37363","client_ip":"146.70.99.219","proto":"HTTP/2.0","method":"GET","host":"ncaio.datanotch.website","uri":"/","headers":{"Sec-Fetch-Site":["cross-site"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Gpc":["1"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["document"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Not(A:Brand\";v=\"99\", \"Brave\";v=\"133\", \"Chromium\";v=\"133\""],"Accept-Encoding":["gzip, deflate, br, zstd"],"Priority":["u=0, i"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"ncaio.xxxxxx.xxxxxx"}},"duration":0.003587865,"status":502,"err_id":"uyij28cys","err_trace":"reverseproxy.statusError (reverseproxy.go:1373)"}

Caddy Version

I am running Caddy v2.9.1 (v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=).

How I Installed and Ran Caddy

Dockerfile for Custom Caddy Image

FROM caddy:builder AS builder

RUN xcaddy build \
    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
    --with github.com/caddy-dns/cloudflare

FROM caddy:alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
CMD ["caddy", "docker-proxy"]

Docker Compose for Caddy

services:
  caddy:
    image: caddy-image:1  # Custom Caddy image
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile  # Optional: Static Caddyfile
      - ./certs:/certs                    # Volume for certificates
      - ./config:/config                  # Volume for Caddy configuration
      - ./data:/data                      # Volume for Caddy data
      - ./sites:/srv                      # Volume for serving static files
      - /var/run/docker.sock:/var/run/docker.sock:ro  # Required for caddy-docker-proxy
    environment:
      - CADDY_DOCKER_PROXY_NETWORK=caddy_network  # Specify the network for caddy-docker-proxy
    networks:
      - caddy_network

networks:
  caddy_network:
    driver: bridge
    name: caddy_network
    external: true

Docker Compose for Nextcloud AIO

services:
  nextcloud:
    image: nextcloud/all-in-one:latest
    restart: unless-stopped
    container_name: nextcloud-aio-mastercontainer
    ports:
      - "8081:8080"
    environment:
      - APACHE_PORT=11000
      - APACHE_IP_BINDING=0.0.0.0
      - SKIP_DOMAIN_VALIDATION=false
      - NEXTCLOUD_UPLOAD_LIMIT=20G
      - NEXTCLOUD_MAX_TIME=3000
      - NEXTCLOUD_MEMORY_LIMIT=2024M
      - TALK_PORT=3478
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - caddy_network

networks:
  caddy_network:
    external: true
    name: caddy_network

volumes:
  nextcloud_aio_mastercontainer:
    name: nextcloud_aio_mastercontainer

Complete Caddy Configuration

Here is my Caddyfile:

{
        debug
        email xxxxxxxxxxxxxxxxxxx
        acme_ca https://acme-v02.api.letsencrypt.org/directory
        acme_dns cloudflare xxxxxxxxxxxxxxxxxxxxxxxxx
        default_sni xxxxxx.com
}

*.xxxxx.com {
        tls {
                dns cloudflare xxxxxxxxxxxxxxxxxxxx
        }
}
https://caddy.xxxxx.com:443 {
        respond "Hello, world!"
}

https://upk.xxxxx.com:443 {
        reverse_proxy uptime-kuma:3001
}

https://ncaio.xxxxx.com:443 {
        reverse_proxy nextcloud-aio-mastercontainer:11000
}

Additional Information

The error dial tcp 172.21.0.3:11000: connect: connection refused suggests that Caddy cannot reach the Nextcloud AIO container at nextcloud-aio-mastercontainer:11000. I have modified the nextcloud-aio block in my Caddyfile as follows:

https://ncaio.xxxxxx.xxxx:443 {
        reverse_proxy nextcloud-aio-apache:11000
}

and

https://ncaio.xxxxxxx:443 {
        reverse_proxy nextcloud-aio-mastercontainer:8081
}

and

https://ncaio.xxxxxxxx.:443 {
        reverse_proxy nextcloud-aio-apache:8081
}

None of these worked; I got either a timeout error or a connection refused error.

Since this is an external network, can you explain how it’s configured?

Also, can you ping nextcloud-aio-mastercontainer from the caddy container?

Thanks for your response. I initially created the network using the docker network create caddy_network command. However, I was unable to ping the nextcloud-aio-mastercontainer from the Caddy container.

After inspecting the network configuration for nextcloud-aio-mastercontainer, I noticed it was connected to two networks. I detached it from the additional network, and I can now successfully ping nextcloud-aio-mastercontainer from the Caddy container.

However, despite this change, the issue persists, and Nextcloud is still not accessible via the domain.
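
A way to triage the dial errors discussed in this thread, as an added example that is not part of any poster's message: it reads Caddy's JSON debug lines, pulls out each failed "upstream roundtrip", and separates the three failure kinds (refused, timeout, unresolved name), which point at different causes. The sample lines are constructed: the first three are trimmed copies of the log quoted above, and `example-upstream:8081` with its address is a made-up timeout case for contrast.

```python
import json
import re

# Constructed sample input (see lead-in); real logs come from the caddy container.
SAMPLE_LOG = [
    '{"level":"debug","logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"nextcloud-aio-mastercontainer:11000","total_upstreams":1}',
    '{"level":"debug","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"nextcloud-aio-mastercontainer:11000","error":"dial tcp 172.21.0.3:11000: connect: connection refused"}',
    '{"level":"error","logger":"http.log.error","msg":"dial tcp 172.21.0.3:11000: connect: connection refused","status":502}',
    '{"level":"debug","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"example-upstream:8081","error":"dial tcp 172.21.0.9:8081: i/o timeout"}',
    "not a JSON line",
]

# What each dial error says about the path between the proxy and the upstream.
HINTS = {
    "connection refused": "name resolved and the address answered, but nothing accepts connections on that port",
    "i/o timeout": "no answer from that address: wrong network, filtered traffic, or container down",
    "no such host": "upstream name does not resolve on a network the proxy is attached to",
}
# Matches the resolved address in errors like "dial tcp 172.21.0.3:11000: ...".
# Lookup failures ("dial tcp: lookup NAME ...") carry no resolved address.
DIAL_RE = re.compile(r"dial tcp (\S+):(\d+): ")


def triage(lines):
    """Return one finding per failed upstream dial found in Caddy JSON log lines."""
    findings = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip anything that is not a JSON log record
        if not isinstance(entry, dict):
            continue
        if entry.get("msg") != "upstream roundtrip" or "error" not in entry:
            continue
        err = entry["error"]
        match = DIAL_RE.search(err)
        kind = next((k for k in HINTS if k in err), "other")
        findings.append({
            "upstream": entry.get("upstream"),
            "resolved": f"{match.group(1)}:{match.group(2)}" if match else None,
            "kind": kind,
            "hint": HINTS.get(kind, "see the full error text"),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
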